package com.hdw.auth.controller;

import com.hdw.auth.api.BaseAuthUseService;
import com.hdw.auth.bean.model.BaseAuthUse;
import com.hdw.auth.bean.model.SysUsers;
import com.hdw.auth.bean.vo.BaseAuthUseVO;
import com.hdw.auth.bean.vo.LoginParamVO;
import com.hdw.auth.utils.PasswordUtil;
import com.hdw.common.base.BaseResult;
import com.hdw.common.base.token.IgnoreToken;
import com.hdw.common.constant.CommonConstant;
import com.hdw.common.util.TokenUtil;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.AuthorizationException;
import org.apache.shiro.subject.Subject;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.RequestMapping;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class LoginController {
    @Autowired
    BaseAuthUseService baseAuthUseService;

    @IgnoreToken
    public BaseResult login(LoginParamVO loginParamVO, HttpServletResponse response) {
        //用户认证信息
        Subject subject = SecurityUtils.getSubject();
        String username= loginParamVO.getUsername();
        BaseAuthUse authUse = baseAuthUseService.getByCd(username);
        BaseAuthUseVO authUseVO = new BaseAuthUseVO();
        if(authUse==null) {
            return BaseResult.error("用户名不存在");
        } else if(!authUse.getFgAct()) {
            return BaseResult.error("用户已冻结");
        } else {
            authUseVO.setCd(authUse.getCd());
            authUseVO.setNa(authUse.getNa());
        }
        String password = PasswordUtil.encrypt(username, loginParamVO.getPassword(), authUse.getSalt());
        UsernamePasswordToken usernamePasswordToken = new UsernamePasswordToken(
                username,
                password
        );
        String msg = null;
        try {

            //进行验证，这里可以捕获异常，然后返回对应信息
            subject.login(usernamePasswordToken);
            Long currentTimeMillis = System.currentTimeMillis();
            String token = TokenUtil.getToken(username,currentTimeMillis,loginParamVO.getSdSoft());
            response.setHeader(CommonConstant.X_ACCESS_TOKEN, token);
            return BaseResult.success(authUseVO);
        } catch (UnknownAccountException e) {
            msg = "用户名不存在！";
        } catch (AuthenticationException e) {
            msg =  "账号或密码错误！";
        } catch (AuthorizationException e) {
            msg =  "没有权限";
        }
        return BaseResult.error(msg);
    }

    @RequestMapping(value = "/logout")
    public BaseResult<Object> logout(HttpServletRequest request, HttpServletResponse response) {
        try {
            //用户退出逻辑
            String token = request.getHeader(CommonConstant.X_ACCESS_TOKEN);
            String username = TokenUtil.getClaim(token,"username");
            BaseAuthUse sysUser = baseAuthUseService.getByCd(username);
            SecurityUtils.getSubject().logout();
            return BaseResult.success(null,"已成功退出");
        } catch (Exception e) {
            return BaseResult.error("无法正常退出"+e.getMessage());
        }
    }

}
